We are using opensource versions of logstash docker Images.
Our security team found that these images contain log4j-core-2.17.0.jar which is found to be vulnerable.
Can someone provide us an update as of when will be newer version of image available with updated version of log4j-core-2.17.1.jar
Welcome to our community!
Vulnerable for what exactly?
2.17.1 fixed CVE-2021-44832: Apache Log4j2 vulnerable to RCE via JDBC Appender when attacker controls configuration.
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.